From 85716e8b01c03125774b0f2e0bebf1650367daaf Mon Sep 17 00:00:00 2001 From: Yonghua Huang Date: Thu, 3 May 2018 19:28:17 +0800 Subject: [PATCH] security: fix issues reported by Klocwork - NULL pointer reference risk - buffer overflow risk Signed-off-by: Yonghua Huang --- hypervisor/arch/x86/assign.c | 7 ++----- hypervisor/arch/x86/trusty.c | 10 ++++++++++ hypervisor/debug/shell_internal.c | 20 +++++++++++++++++++- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/hypervisor/arch/x86/assign.c b/hypervisor/arch/x86/assign.c index 2a78dfb40..6a4ce3222 100644 --- a/hypervisor/arch/x86/assign.c +++ b/hypervisor/arch/x86/assign.c @@ -488,9 +488,7 @@ add_msix_remapping(struct vm *vm, uint16_t virt_bdf, uint16_t phys_bdf, entry_id_from_msix(phys_bdf, msix_entry_index)); if (!entry) { if (_lookup_entry_by_vmsi(vm, virt_bdf, msix_entry_index)) { - pr_err("MSIX re-add vbdf%x idx=%d to vm%d", - virt_bdf, entry->msi.msix_entry_index, - entry->vm->attr.id); + pr_err("MSIX re-add vbdf%x", virt_bdf); spinlock_release(&ptdev_lock); return &invalid_entry; @@ -566,8 +564,7 @@ add_intx_remapping(struct vm *vm, uint8_t virt_pin, entry = _lookup_entry_by_id(entry_id_from_intx(phys_pin)); if (!entry) { if (_lookup_entry_by_vintx(vm, virt_pin, vpin_src)) { - pr_err("INTX re-add vpin %d to vm%d", - virt_pin, entry->vm->attr.id); + pr_err("INTX re-add vpin %d", virt_pin); spinlock_release(&ptdev_lock); return &invalid_entry; } diff --git a/hypervisor/arch/x86/trusty.c b/hypervisor/arch/x86/trusty.c index 2a7c875f0..23d2c0f02 100644 --- a/hypervisor/arch/x86/trusty.c +++ b/hypervisor/arch/x86/trusty.c @@ -107,6 +107,11 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig, void *sub_table_addr = NULL, *pml4_base = NULL; struct vm *vm0 = get_vm_from_vmid(0); + if (vm0 == NULL) { + pr_err("Parse vm0 context failed."); + return; + } + if (!vm->sworld_control.sworld_enabled || vm->arch_vm.sworld_eptp != 0) { pr_err("Sworld is not enabled or Sworld eptp is not NULL"); @@ -182,6 +187,11 @@ void destroy_secure_world(struct vm *vm) struct map_params map_params; struct vm *vm0 = get_vm_from_vmid(0); + if (vm0 == NULL) { + pr_err("Parse vm0 context failed."); + return; + } + /* clear trusty memory space */ memset(HPA2HVA(vm->sworld_control.sworld_memory.base_hpa), 0, vm->sworld_control.sworld_memory.length); diff --git a/hypervisor/debug/shell_internal.c b/hypervisor/debug/shell_internal.c index 85f71b2d9..2662623f3 100644 --- a/hypervisor/debug/shell_internal.c +++ b/hypervisor/debug/shell_internal.c @@ -460,7 +460,7 @@ int shell_cmd_help(struct shell *p_shell, /* Calculate spaces needed for alignment */ spaces = MAX_INDENT_LEN - strnlen_s(p_cmd->str, - MAX_INDENT_LEN) + 1; + MAX_INDENT_LEN - 1); space_buf[spaces] = '\0'; shell_puts(p_shell, space_buf); @@ -913,6 +913,9 @@ int shell_show_cpu_int(struct shell *p_shell, { char *temp_str = alloc_page(); + if (temp_str == NULL) + return -ENOMEM; + get_cpu_interrupt_info(temp_str, CPU_PAGE_SIZE); shell_puts(p_shell, temp_str); @@ -926,6 +929,9 @@ int shell_show_ptdev_info(struct shell *p_shell, { char *temp_str = alloc_page(); + if (temp_str == NULL) + return -ENOMEM; + get_ptdev_info(temp_str, CPU_PAGE_SIZE); shell_puts(p_shell, temp_str); @@ -939,6 +945,9 @@ int shell_show_req_info(struct shell *p_shell, { char *temp_str = alloc_page(); + if (temp_str == NULL) + return -ENOMEM; + get_req_info(temp_str, CPU_PAGE_SIZE); shell_puts(p_shell, temp_str); @@ -952,6 +961,9 @@ int shell_show_vioapic_info(struct shell *p_shell, int argc, char **argv) char *temp_str = alloc_page(); uint32_t vmid; + if (temp_str == NULL) + return -ENOMEM; + /* User input invalidation */ if (argc != 2) { snprintf(temp_str, CPU_PAGE_SIZE, "\r\nvmid param needed\r\n"); @@ -972,6 +984,9 @@ int shell_show_ioapic_info(struct shell *p_shell, { char *temp_str = alloc_pages(2); + if (temp_str == NULL) + return -ENOMEM; + get_ioapic_info(temp_str, 2 * CPU_PAGE_SIZE); shell_puts(p_shell, temp_str); @@ -985,6 +1000,9 @@ int shell_show_vmexit_profile(struct shell *p_shell, { char *temp_str = alloc_pages(2); + if (temp_str == NULL) + return -ENOMEM; + get_vmexit_profile(temp_str, 2*CPU_PAGE_SIZE); shell_puts(p_shell, temp_str);